Docker containers & java
What I wish I’ve been told!
Mohammed Aboullaite
@laytoun
Deputy CTO - xHub
Docker containers & java!
Hi, I’m Fero!
Agenda
● Java in containers … a good idea ?
● Creating effective Java Docker Images: smaller, faster, secure.
● Tools and libraries: build, versioning, testing
● Going to production … what we should know !?
● Java & Docker Container features
Containers are everywhere!
Even if you don’t run containers … You’re in a container!
You’re always in a container!
Docker Containers & Java
First try...
Your Java Runtime...
● Oracle JDK
● OpenJDK builds by Oracle
● AdoptOpenJDK builds
● AdoptOpenJDK OpenJ9 builds
● Linux (Red Hat, Debian, Fedora, Arch, Ubuntu) OpenJDK builds
● Azul Zulu
● Amazon Corretto
● SAP SapMachine
● Liberica from Bellsoft
https://blog.joda.org/2018/09/time-to-look-beyond-oracles-jdk.html
Image size
Java
• Java Modularity
• Code refactoring
• Dependencies
Docker
• Smaller base image
• Layers & Caching (dockerfilelint)
• Clean up right away
• Dockerignore (faster builds)
• Multistage Build
• docker-squash
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Did someone say alpine ?!
Lightweight Linux distribution based on musl libc and busybox
Project Portola: https://openjdk.java.net/projects/portola/
Did someone say alpine ?!
Java docker image size
Distroless Container Image
“"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.”
● Built using Google’s bazel tool
● Provide stripped down base image
● Support for: Java, Golang, Dotnet, Node, Python, C
https://github.com/GoogleContainerTools/distroless
Why should I care ?!
● Effective tracking: Improves the signal-to-noise ratio of scanners (e.g. CVE)
● Time and cost: Faster updates, lower network costs
● Security: Fewer components that can be exploited and a smaller attack surface
Tips and tricks from Docker captains
Fast startup
Java
• Java 11
• Class-Data Sharing: since java 5
• Ahead-Of-Time compilation: since java 9
• Native image build: Graal VM
Demo
https://github.com/aboullaite/java-docker
Containers are the executables of the cloud!
But ...
Java
jam jam
Java
Maven
● fabric8-maven-plugin (Fabric8)
● dockerfile-maven-plugin (spotify)
● Maven exec plugin (Not elegant!)
[Diagram labels: Maven, fabric8 docker maven; Maven, spotify docker maven, spotify docker client; Maven, maven exec]
Gradle
● Docker Gradle Plugin (Benjamin Muschko)
● Docker Gradle Plugin (palantir)
● Docker Gradle Plugin (Transmode)
[Diagram labels: Gradle, palantir gradle docker; Gradle, Transmode gradle docker, Docker java client; Gradle, Benjamin gradle docker, Docker java client]
Google Jib
● Fast for incremental builds
● Daemonless
● Pure Java
● Reproducible
● Maven and Gradle support
What it does ...
FROM gcr.io/distroless/java
COPY target/dependencies /app/dependencies
COPY target/resources /app/resources
COPY target/classes /app/classes
ENTRYPOINT java -cp /app/dependencies/*:/app/resources:/app/classes my.app.Main
Image versioning
● Docker Tag command (Semver, Calver, ...)
● Append build number
○ https://www.mojohaus.org/buildnumber-maven-plugin/
● Git commit hash
○ https://github.com/git-commit-id/maven-git-commit-id-plugin
Security
● Know what is in your container
● Vulnerability scanning (Docker EE, Microscanner, Clair, ...)
● Docker Content Trust
● Least privilege
○ Change USER
○ Read-only filesystems
○ Limit resources
● Minimal container OS (Minimal attack surface)
● Monitoring & Auditing
Tips and tricks from the captains session
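The least-privilege items on this slide (non-root USER, read-only filesystem, resource limits) can be checked against `docker inspect` output. The following is an added example, not part of the original deck; the container names and the JSON are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
# Only the fields the audit reads are kept.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/petclinic-default",
   "Config": {"User": ""},
   "HostConfig": {"ReadonlyRootfs": false, "Memory": 0,
                  "NanoCpus": 0, "CpuQuota": 0}},
  {"Name": "/petclinic-hardened",
   "Config": {"User": "1000:1000"},
   "HostConfig": {"ReadonlyRootfs": true, "Memory": 536870912,
                  "NanoCpus": 2000000000, "CpuQuota": 0}}
]
""")


def audit_container(container):
    """Return a list of least-privilege findings for one inspect record."""
    findings = []
    config = container.get("Config") or {}
    host = container.get("HostConfig") or {}

    # Config.User is "", "uid", "uid:gid" or a name; empty means root.
    user = (config.get("User") or "").strip().split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root: set USER in the Dockerfile or pass --user")

    if not host.get("ReadonlyRootfs", False):
        findings.append("writable root filesystem: run with --read-only")

    # Memory is in bytes; 0 means unlimited. Without it the JVM sizes
    # its heap from the host's memory, not a container limit.
    if not host.get("Memory"):
        findings.append("no memory limit: set --memory")

    # --cpus is stored as NanoCpus; --cpu-quota as CpuQuota.
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit: set --cpus or --cpu-quota")

    return findings


def audit_all(inspect_records):
    """Map container name to its findings."""
    return {c.get("Name", "<unnamed>"): audit_container(c)
            for c in inspect_records}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect $(docker ps -q)`.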
How about (Integration) testing!
● Real world isolated testing
● Can be run during development
● Reproducible
● As real as possible (databases, brokers, ...)
● Cross platform
● Spot issues before they appear in prod
● Easy to run & maintain!!!
TestContainers
● Java library
● Supports JVM testing frameworks (JUnit, Spock, ...)
● Provides lightweight, throwaway instances of common databases
● Port randomisation
● Containers cleanup on JVM shutdown
GenericContainer redis =
    new GenericContainer("redis:3.0.6")
        .withExposedPorts(6379);
Let’s go to (pre-)production!
● Petclinic: Spring App
● Modernizing legacy app with containers
● Optimizing resources
● Easy scaling
● Cloud ready
● Orchestration
Demo
https://github.com/aboullaite/java-docker
Epic fail!
A brief history of containers & ...
Container Runtime and Image Format Standards - Jeff Borek & Stephen Walli - KubeCon 2017
… & Java!
zeroturnaround - A Short History of Nearly Everything Java
https://zeroturnaround.com/rebellabs/a-short-history-of-nearly-everything-java/
JVM ergonomics
The JVM has plenty of ergonomics which are based on the underlying system
● Memory
● # CPUs
● Exact CPU model
● Garbage collector
● JIT Optimizations
⇒ -XX:+PrintFlagsFinal -XX:+PrintGCDetails
https://docs.oracle.com/javase/8/docs/technotes/guides/vm/gctuning/ergonomics.html
Memory
[Diagram: Heap = Young generation (Eden, S0, S1) + Old generation (Tenured); Off Heap = Permanent generation / Metaspace]
CPU
● VM internal thread pools
● fork/join pool (Streams API)
● core.async
● Elasticsearch
● Tomcat
● Jetty
● Netty
● Wildfly
● ...
Runtime.getRuntime().availableProcessors()
Java 8u121 and before … forget about it!
Fabric8 got it right
https://github.com/fabric8io-images/run-java-sh
Java 9, 8u131
● -XX:ParallelGCThreads and -XX:CICompilerCount are set based on the container's CPU limits (can be overridden)
○ calculated from --cpuset-cpus
● Memory Configuration
○ -XX:+UnlockExperimentalVMOptions
○ -XX:+UseCGroupMemoryLimitForHeap
○ set -XX:MaxRAMFraction to 2 (default is 4)
Java 10+ & 8u191 +
More container awareness
● Improve heap memory allocations [JDK-8196595]:
○ -XX:InitialRAMPercentage, -XX:MaxRAMPercentage and -XX:MinRAMPercentage
○ -XX:InitialRAMFraction, -XX:MaxRAMFraction, and -XX:MinRAMFraction are deprecated
● The total number of CPUs available to the Java process is calculated from --cpus, --cpu-shares, --cpu-quota [JDK-8146115]
○ Use -XX:-UseContainerSupport to return to the old behavior
○ -XX:ActiveProcessorCount sets the number of processors that the JVM will use internally
● Attach on Linux became relative to /proc/pid/root and namespace aware (jcmd, jstack, etc.)
Java 11
More container awareness
● Removes -XX:+UnlockExperimentalVMOptions, -XX:+UseCGroupMemoryLimitForHeap [JDK-8194086]
● jcmd -l and jps commands do not list JVMs in Docker containers [JDK-8193710]
● Container Metrics (-XshowSettings:system) [JDK-8204107]
● Update CPU count algorithm when both cpu shares and quotas are used [JDK-8197867]
○ -XX:+PreferContainerQuotaForCPUCount
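How the CPU flags on the Java 10+ and Java 11 slides combine into the value that availableProcessors() reports, and so into thread-pool sizing, is easier to see as a model. This is an added example, not code from the deck or from OpenJDK: it is a simplified Python model of the behaviour those slides describe, the function names are hypothetical, and the rule that a cpu.shares value of 1024 counts as "not set" is an assumption about the HotSpot implementation.

```python
import math

PER_CPU_SHARES = 1024    # cgroup v1 cpu.shares default (assumed to mean "not set")
DEFAULT_PERIOD = 100000  # microseconds, default CFS period


def cgroup_from_docker_flags(cpus=None, cpu_shares=None, cpu_quota=None,
                             cpu_period=DEFAULT_PERIOD):
    """Translate docker run CPU flags into the cgroup values the JVM reads."""
    quota = -1  # -1 means no quota configured
    if cpu_quota is not None:
        quota = cpu_quota
    elif cpus is not None:
        # --cpus=N is shorthand for quota = N * period
        quota = int(round(cpus * cpu_period))
    shares = PER_CPU_SHARES if cpu_shares is None else cpu_shares
    return {"quota": quota, "period": cpu_period, "shares": shares}


def jvm_cpu_count(host_cpus, cgroup, prefer_quota=True,
                  use_container_support=True, active_processor_count=0):
    """Model of the processor count a container-aware JVM settles on.

    host_cpus is the count after --cpuset-cpus has been applied.
    prefer_quota models -XX:+PreferContainerQuotaForCPUCount (Java 11);
    pass False for the Java 10 behaviour of taking the smaller value.
    """
    if active_processor_count > 0:      # -XX:ActiveProcessorCount=N wins
        return active_processor_count
    if not use_container_support:       # -XX:-UseContainerSupport
        return host_cpus

    quota_count = share_count = 0
    if cgroup["quota"] > -1 and cgroup["period"] > 0:
        quota_count = math.ceil(cgroup["quota"] / cgroup["period"])
    if cgroup["shares"] > -1 and cgroup["shares"] != PER_CPU_SHARES:
        share_count = math.ceil(cgroup["shares"] / PER_CPU_SHARES)

    if quota_count and share_count:
        limit = quota_count if prefer_quota else min(quota_count, share_count)
    elif quota_count:
        limit = quota_count
    elif share_count:
        limit = share_count
    else:
        limit = host_cpus
    return min(host_cpus, limit)


def scenarios(host_cpus=8):
    """Constructed cases: (docker flags, JVM option, resulting CPU count)."""
    both = cgroup_from_docker_flags(cpus=4, cpu_shares=512)
    return [
        ("no limits", "defaults",
         jvm_cpu_count(host_cpus, cgroup_from_docker_flags())),
        ("--cpus=1.5", "defaults",
         jvm_cpu_count(host_cpus, cgroup_from_docker_flags(cpus=1.5))),
        ("--cpus=4 --cpu-shares=512", "+PreferContainerQuotaForCPUCount",
         jvm_cpu_count(host_cpus, both, prefer_quota=True)),
        ("--cpus=4 --cpu-shares=512", "-PreferContainerQuotaForCPUCount",
         jvm_cpu_count(host_cpus, both, prefer_quota=False)),
        ("--cpus=2", "-UseContainerSupport",
         jvm_cpu_count(host_cpus, cgroup_from_docker_flags(cpus=2),
                       use_container_support=False)),
    ]


if __name__ == "__main__":
    for flags, option, count in scenarios():
        print(f"{flags:28} {option:36} -> {count}")
```

The fourth scenario is the one worth checking in production: a low --cpu-shares value combined with a generous quota drops the JVM to a single processor when quota preference is off.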
JVM Troubleshooting & Monitoring
● Built-in tools by JVM:
○ jstat
○ jcmd
○ jmap (Not recommended)
○ jhat …
● Expose JMX port
○ VisualVM
○ jConsole
● Micrometer
● Others: New Relic, Stackify, AppDynamics, Dynatrace...
● Docker commands
○ stats
○ inspect
○ top
● Container aware tools
○ ctop
○ dstat
● CAdvisor
● Prometheus
● Docker EE, Datadog, Sysdig, ...
Key takeaways
● Java <3 Docker
● Start your java 11 journey (or at least 8u191+)
● Java has a rich ecosystem
● Know your tools:
○ Build Custom JRE
○ CDS
○ AOT
○ GraalVM & Substrate VM
Hallway Track
Thank you!
hallwaytrack.dockercon.com/hallway-tracks/41300/
Wednesday May 1st
at 2:00 pm
@laytoun

DCSF19 Docker Containers & Java: What I Wish I Had Been Told
